IBM Security Randori Recon sample event messages
Use these sample event messages to verify a successful integration with IBM QRadar.
Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.
IBM Security Randori Recon sample message when you use the IBM Security Randori REST API protocol
The following sample event message shows the alert that was generated when a customer successfully enrolled with Randori Recon.
{"affiliation_state":"None","applicability":4,"attack_note":"","authority":false,"authority_distance":2,"authority_override":false,"authorization_state":"None","banners_uuid":"0e26bfc","cert_uuid":null,"characteristics_count":0,"confidence":60,"cpe":{"cpe_version":null,"edition":null,"language":null,"other":null,"part":null,"product":null,"str":"","sw_edition":null,"target_hw":null,"target_sw":null,"update":null,"vendor":null,"version":null},"criticality":2,"deleted":false,"description":"connection.","detection_criteria":{"ip":{"address":"10.0.0.1","version":4},"tcp":{"port":23}},"detection_relevance":1020,"enumerability":1,"exploitability":0,"first_seen":"2022-07-07T01:03:59.245455+00:00","headers_uuid":null,"hostname":null,"hostname_id":null,"id":"fde87907","impact_score":"None","ip":"10.0.0.1","ip_id":"fa7e4","ip_str":"10.0.0.1","last_seen":"2022-08-14T03:39:44.607092+00:00","lens_id":"08638","lens_view":"public","name":"Telnet","org_id":"e08411e","path":null,"perspective":"0000-0000-000000000000","perspective_name":"PUBLIC","poc_email":null,"poc_id":null,"port":23,"post_exploit":3,"priority_impact_factor":0.0,"priority_score":200.1,"priority_status_factor":0.0,"priority_tags_factor":0.0,"private_weakness":0,"protocol":"tcp","public_weakness":0,"randori_notes":"","reference":"","research":2,"screenshot_uuid":"48f8832c","service_id":"0e19f","status":"None","tags":{"Amazon":{"content":"Amazon","display":true,"entity_id":"4bf907","org_id":"923af11e","time_added":"2022-07-08T15:00:34.855899+00:00"}},"target_confidence":60,"target_first_seen":"2022-07-07T01:21:23.277675+00:00","target_id":"4b907","target_last_seen":"2022-08-14T03:50:44.731212+00:00","target_num_detections":1,"target_temptation":10,"tech_category":null,"temptation_last_modified":"2022-07-07T01:03:59.245455+00:00","thumbnail_uuid":"45d86","vendor":"Generic","version":""}
| QRadar field name | Highlighted payload field name |
|---|---|
| Event ID | Randori Target - Low Priority |
| Source IP | ip |
| Port | port |
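As an added example (not part of the IBM documentation and not Randori or QRadar code), the script below does what an integrator would do by hand to verify the sample above: it strips the carriage return and line feed characters that the Important note warns about, parses the JSON, pulls out the fields the mapping table assigns to Source IP and Port, and cross-checks the top-level `ip`, `port` and `protocol` against the nested `detection_criteria` block so a mangled paste is caught before the event is sent to the log source. The embedded event is an abridged copy of the page's sample, broken across lines here to mimic a browser copy-paste; the function names and the consistency check are this example's own.

```python
import ipaddress
import json

# Abridged copy of the page's sample Randori Recon event. The line breaks are
# deliberately inserted here to mimic what a copy-paste out of a browser
# produces; every value is the page's own.
SAMPLE_EVENT_PASTED = """{"affiliation_state":"None","applicability":4,
"confidence":60,"criticality":2,"deleted":false,"description":"connection.",
"detection_criteria":{"ip":{"address":"10.0.0.1","version":4},"tcp":{"port":23}},
"first_seen":"2022-07-07T01:03:59.245455+00:00","id":"fde87907",
"ip":"10.0.0.1","ip_str":"10.0.0.1","last_seen":"2022-08-14T03:39:44.607092+00:00",
"name":"Telnet","perspective_name":"PUBLIC","port":23,"priority_score":200.1,
"protocol":"tcp","target_temptation":10,"vendor":"Generic","version":""}
"""

# Mapping from the table above. Event ID is a fixed event name on the page,
# not a payload key, so it is carried as a constant.
EVENT_ID = "Randori Target - Low Priority"
FIELD_MAP = {"Source IP": "ip", "Port": "port"}


def normalize_message(raw: str) -> str:
    """Remove CR/LF so the event is the single line the log source expects."""
    return raw.replace("\r", "").replace("\n", "")


def parse_event(raw: str) -> dict:
    """Normalize a pasted message and parse it as one JSON object."""
    text = normalize_message(raw)
    event = json.loads(text)
    if not isinstance(event, dict):
        raise ValueError("sample event must be a single JSON object")
    return event


def map_to_qradar(event: dict) -> dict:
    """Apply the QRadar field mapping; missing payload keys are an error."""
    mapped = {"Event ID": EVENT_ID}
    for qradar_name, payload_key in FIELD_MAP.items():
        if payload_key not in event:
            raise KeyError(f"payload has no {payload_key!r} for {qradar_name}")
        mapped[qradar_name] = event[payload_key]
    return mapped


def check_consistency(event: dict) -> list:
    """Cross-check top-level ip/port/protocol against detection_criteria.

    Returns a list of human-readable problems; an empty list means the
    message is internally consistent (this check is the example's own idea,
    not a QRadar or Randori validation rule).
    """
    problems = []
    criteria = event.get("detection_criteria", {})
    ip_block = criteria.get("ip", {})

    # Top-level ip must match the detection address and parse as an address
    # of the version the payload claims.
    addr = ip_block.get("address")
    if addr != event.get("ip"):
        problems.append(f"ip {event.get('ip')!r} != detection_criteria.ip.address {addr!r}")
    try:
        parsed = ipaddress.ip_address(addr)
        if parsed.version != ip_block.get("version"):
            problems.append(f"ip version {parsed.version} != declared {ip_block.get('version')!r}")
    except ValueError:
        problems.append(f"detection_criteria.ip.address {addr!r} is not an IP address")

    # The protocol names the sub-block (e.g. "tcp") whose port must match.
    proto = event.get("protocol")
    proto_port = criteria.get(proto, {}).get("port") if proto else None
    if proto_port != event.get("port"):
        problems.append(f"port {event.get('port')!r} != detection_criteria.{proto}.port {proto_port!r}")
    return problems


if __name__ == "__main__":
    ev = parse_event(SAMPLE_EVENT_PASTED)
    print(map_to_qradar(ev))
    print("consistency problems:", check_consistency(ev) or "none")
```

Run it as-is to see the mapped fields for the page's sample; to test your own copy of the message, replace `SAMPLE_EVENT_PASTED` with the text you pasted from the browser and confirm `check_consistency` returns an empty list before loading the event into QRadar.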